diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-01-03 13:22:46 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-01-05 10:42:38 -0500 |
| commit | 68c97153fb7f2877f98aa6c29546381d9cad2fed (patch) | |
| tree | 6c233c15758788758c819248a9d821d0083f4ca6 /net | |
| parent | 805a6af8dba5dfdd35ec35dc52ec0122400b2610 (diff) | |
SUNRPC: Clean up the RPCSEC_GSS service ticket requests
Instead of hacking specific service names into gss_encode_v1_msg, we should
just allow the caller to specify the service name explicitly.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/sunrpc/auth_generic.c | 6 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 40 |
2 files changed, 27 insertions, 19 deletions
diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c index e010a015d996..1426ec3d0a53 100644 --- a/net/sunrpc/auth_generic.c +++ b/net/sunrpc/auth_generic.c | |||
| @@ -41,15 +41,17 @@ EXPORT_SYMBOL_GPL(rpc_lookup_cred); | |||
| 41 | /* | 41 | /* |
| 42 | * Public call interface for looking up machine creds. | 42 | * Public call interface for looking up machine creds. |
| 43 | */ | 43 | */ |
| 44 | struct rpc_cred *rpc_lookup_machine_cred(void) | 44 | struct rpc_cred *rpc_lookup_machine_cred(const char *service_name) |
| 45 | { | 45 | { |
| 46 | struct auth_cred acred = { | 46 | struct auth_cred acred = { |
| 47 | .uid = RPC_MACHINE_CRED_USERID, | 47 | .uid = RPC_MACHINE_CRED_USERID, |
| 48 | .gid = RPC_MACHINE_CRED_GROUPID, | 48 | .gid = RPC_MACHINE_CRED_GROUPID, |
| 49 | .principal = service_name, | ||
| 49 | .machine_cred = 1, | 50 | .machine_cred = 1, |
| 50 | }; | 51 | }; |
| 51 | 52 | ||
| 52 | dprintk("RPC: looking up machine cred\n"); | 53 | dprintk("RPC: looking up machine cred for service %s\n", |
| 54 | service_name); | ||
| 53 | return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0); | 55 | return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0); |
| 54 | } | 56 | } |
| 55 | EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred); | 57 | EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred); |
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index afb56553dfe7..28d72d298735 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
| @@ -392,7 +392,8 @@ static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg) | |||
| 392 | } | 392 | } |
| 393 | 393 | ||
| 394 | static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, | 394 | static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, |
| 395 | struct rpc_clnt *clnt, int machine_cred) | 395 | struct rpc_clnt *clnt, |
| 396 | const char *service_name) | ||
| 396 | { | 397 | { |
| 397 | struct gss_api_mech *mech = gss_msg->auth->mech; | 398 | struct gss_api_mech *mech = gss_msg->auth->mech; |
| 398 | char *p = gss_msg->databuf; | 399 | char *p = gss_msg->databuf; |
| @@ -407,12 +408,8 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, | |||
| 407 | p += len; | 408 | p += len; |
| 408 | gss_msg->msg.len += len; | 409 | gss_msg->msg.len += len; |
| 409 | } | 410 | } |
| 410 | if (machine_cred) { | 411 | if (service_name != NULL) { |
| 411 | len = sprintf(p, "service=* "); | 412 | len = sprintf(p, "service=%s ", service_name); |
| 412 | p += len; | ||
| 413 | gss_msg->msg.len += len; | ||
| 414 | } else if (!strcmp(clnt->cl_program->name, "nfs4_cb")) { | ||
| 415 | len = sprintf(p, "service=nfs "); | ||
| 416 | p += len; | 413 | p += len; |
| 417 | gss_msg->msg.len += len; | 414 | gss_msg->msg.len += len; |
| 418 | } | 415 | } |
| @@ -429,17 +426,18 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, | |||
| 429 | } | 426 | } |
| 430 | 427 | ||
| 431 | static void gss_encode_msg(struct gss_upcall_msg *gss_msg, | 428 | static void gss_encode_msg(struct gss_upcall_msg *gss_msg, |
| 432 | struct rpc_clnt *clnt, int machine_cred) | 429 | struct rpc_clnt *clnt, |
| 430 | const char *service_name) | ||
| 433 | { | 431 | { |
| 434 | if (pipe_version == 0) | 432 | if (pipe_version == 0) |
| 435 | gss_encode_v0_msg(gss_msg); | 433 | gss_encode_v0_msg(gss_msg); |
| 436 | else /* pipe_version == 1 */ | 434 | else /* pipe_version == 1 */ |
| 437 | gss_encode_v1_msg(gss_msg, clnt, machine_cred); | 435 | gss_encode_v1_msg(gss_msg, clnt, service_name); |
| 438 | } | 436 | } |
| 439 | 437 | ||
| 440 | static inline struct gss_upcall_msg * | 438 | static struct gss_upcall_msg * |
| 441 | gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, | 439 | gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt, |
| 442 | int machine_cred) | 440 | uid_t uid, const char *service_name) |
| 443 | { | 441 | { |
| 444 | struct gss_upcall_msg *gss_msg; | 442 | struct gss_upcall_msg *gss_msg; |
| 445 | int vers; | 443 | int vers; |
| @@ -459,7 +457,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, | |||
| 459 | atomic_set(&gss_msg->count, 1); | 457 | atomic_set(&gss_msg->count, 1); |
| 460 | gss_msg->uid = uid; | 458 | gss_msg->uid = uid; |
| 461 | gss_msg->auth = gss_auth; | 459 | gss_msg->auth = gss_auth; |
| 462 | gss_encode_msg(gss_msg, clnt, machine_cred); | 460 | gss_encode_msg(gss_msg, clnt, service_name); |
| 463 | return gss_msg; | 461 | return gss_msg; |
| 464 | } | 462 | } |
| 465 | 463 | ||
| @@ -471,7 +469,7 @@ gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cr | |||
| 471 | struct gss_upcall_msg *gss_new, *gss_msg; | 469 | struct gss_upcall_msg *gss_new, *gss_msg; |
| 472 | uid_t uid = cred->cr_uid; | 470 | uid_t uid = cred->cr_uid; |
| 473 | 471 | ||
| 474 | gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred); | 472 | gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal); |
| 475 | if (IS_ERR(gss_new)) | 473 | if (IS_ERR(gss_new)) |
| 476 | return gss_new; | 474 | return gss_new; |
| 477 | gss_msg = gss_add_msg(gss_new); | 475 | gss_msg = gss_add_msg(gss_new); |
| @@ -995,7 +993,9 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) | |||
| 995 | */ | 993 | */ |
| 996 | cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; | 994 | cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; |
| 997 | cred->gc_service = gss_auth->service; | 995 | cred->gc_service = gss_auth->service; |
| 998 | cred->gc_machine_cred = acred->machine_cred; | 996 | cred->gc_principal = NULL; |
| 997 | if (acred->machine_cred) | ||
| 998 | cred->gc_principal = acred->principal; | ||
| 999 | kref_get(&gss_auth->kref); | 999 | kref_get(&gss_auth->kref); |
| 1000 | return &cred->gc_base; | 1000 | return &cred->gc_base; |
| 1001 | 1001 | ||
| @@ -1030,7 +1030,12 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags) | |||
| 1030 | if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) | 1030 | if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) |
| 1031 | return 0; | 1031 | return 0; |
| 1032 | out: | 1032 | out: |
| 1033 | if (acred->machine_cred != gss_cred->gc_machine_cred) | 1033 | if (acred->principal != NULL) { |
| 1034 | if (gss_cred->gc_principal == NULL) | ||
| 1035 | return 0; | ||
| 1036 | return strcmp(acred->principal, gss_cred->gc_principal) == 0; | ||
| 1037 | } | ||
| 1038 | if (gss_cred->gc_principal != NULL) | ||
| 1034 | return 0; | 1039 | return 0; |
| 1035 | return rc->cr_uid == acred->uid; | 1040 | return rc->cr_uid == acred->uid; |
| 1036 | } | 1041 | } |
| @@ -1104,7 +1109,8 @@ static int gss_renew_cred(struct rpc_task *task) | |||
| 1104 | struct rpc_auth *auth = oldcred->cr_auth; | 1109 | struct rpc_auth *auth = oldcred->cr_auth; |
| 1105 | struct auth_cred acred = { | 1110 | struct auth_cred acred = { |
| 1106 | .uid = oldcred->cr_uid, | 1111 | .uid = oldcred->cr_uid, |
| 1107 | .machine_cred = gss_cred->gc_machine_cred, | 1112 | .principal = gss_cred->gc_principal, |
| 1113 | .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0), | ||
| 1108 | }; | 1114 | }; |
| 1109 | struct rpc_cred *new; | 1115 | struct rpc_cred *new; |
| 1110 | 1116 | ||